PT-2002-2386 · Mambo · Mambo Site Server

Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1662

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mambo Site Server version 4.0.11

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary scripts on other clients. The vulnerabilities can be exploited via the "search.php" API endpoint and the "Your name" field during account registration.

Recommendations

For Mambo Site Server version 4.0.11, consider disabling the search functionality in "search.php" and restricting input in the "Your name" field during account registration to minimize the risk of exploitation.

Fix


Related identifiers

CVE-2002-1662

Affected products

Mambo Site Server